
EndPoint Firewall Settings

Created: 19 Dec 2010 | 4 comments

Hello,

I have Symantec EndPoint Protection v11.0.6005.562 installed  on my computer.  I would like to connect to an external USB drive connected to my wireless router on my home network.  To connect to the USB drive, I use software provided by D-Link titled SharePort.  

With Endpoint Network Threat Protection disabled and with Windows Firewall active, I can connect without any problems.  The Windows Firewall shows the following exceptions for the SharePort software:

  • Inbound -> UDP -> Local: All Ports, Remote All Ports -> Scope: Any local or remote IP address -> Profiles: Private (home wireless network is recognized as Private network)
  • Inbound -> TCP -> Local: All Ports, Remote All Ports -> Scope: Any local or remote IP address -> Profiles: Private (home wireless network is recognized as Private network)

However, once I enable Endpoint Network Threat Protection, I cannot connect to the drive using the SharePort software.  I have tried configuring application settings and creating firewall rules in Endpoint to no avail.  Even after creating rules or configuring application settings, the connection is still blocked.

So if anyone can help create exceptions in Endpoint similar to those outlined above in Windows Firewall, I would greatly appreciate it.  

Cheers,

Jon


VKalani's picture

Hi,

 

What you could do is to first add a blank rule and then add the application name as sharepoint. Is this a managed client, or unmanaged?

 

http://clientui-kb.symantec.com/kb/index?page=content&id=TECH104433&actp=search&viewlocale=en_US&searchid=1292820881065

-VKalani

Farzad's picture

Have you applied a Device Block policy? I mean, do you block any sort of device?

Since activating NTP activates Device Control as well, maybe the device is being blocked by the App/Dev Controller, not the NTP.

Please check and advise.

ESET Certified Specialist \ Symantec Certified Specialist  \  MCSE +Security  \  CCNSE

Pawel Lakomski's picture

Hi,

Please check which port Sharepoint is using on the server (you can probably check it in IIS) and create a new rule on SEP firewall on the server opening this port.

How to add a rule using the "Add Firewall Rule Wizard"
http://www.symantec.com/docs/TECH105048

You can also try to do it automatically:

How to configure Symantec Desktop Firewall or Symantec Client Firewall to prompt you to create a firewall rule to open a specific blocked port
http://www.symantec.com/docs/TECH99226

Please also remember to create scanning exclusions on Sharepoint to increase performance as described here:

Exclusions required to run Symantec Endpoint Protection with Microsoft SharePoint
http://www.symantec.com/docs/TECH91287

--

Cheers,

Symantec Technical Specialist
Symantec Certified Specialist
MCP & MCITP
Cisco Certified Network Associate
Citrix Certified Administrator

 

jstewar9's picture

Thanks for everyone's suggestions.  Here is what I have tried:

  • Open all TCP and UDP ports: I was able to create generic rules that open all TCP and UDP ports.  SharePort worked correctly and I was able to access my external hard drive via my network.
  • Restrict by application:  I restricted the rules that I created above to only allow the SharePort executable (Connect.exe); however, this did not work.  I then checked the Endpoint NTP logs and noticed that it was blocking activity for svchost and ntoskrnl on remote TCP/UDP port 19540 (the port that the SharePort software uses).  I added both of these and it works now.  I noticed in Windows Firewall that there is an option to allow services called by an executable; too bad it is not an option in Endpoint.
  • Limiting ports:  Next I tried limiting the rule to remote TCP/UDP port 19540.  Unfortunately, this did not work.

Ideally, I would like to limit as much as possible, but this will have to suffice.

 

Again, thanks for all of your assistance!

Cheers,

Jon
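
The log check described in the last post, as an added example that is not part of the original thread and is not Symantec's code: it lists which blocked flows on port 19540 an application-restricted allow rule misses, and which unrelated blocked flows the widened rule would also let through. The CSV layout, the sample records (including the port 445 entry) and the rule-matching model are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample records; the column layout is an assumption for this
# example and is not the actual SEP traffic-log export format.
SAMPLE_LOG = """\
action,protocol,remote_port,application
Blocked,TCP,19540,svchost.exe
Blocked,UDP,19540,ntoskrnl.exe
Blocked,UDP,19540,ntoskrnl.exe
Allowed,TCP,19540,Connect.exe
Blocked,TCP,445,ntoskrnl.exe
"""

def matches(rule, rec):
    """A rule field left empty means 'any'; otherwise the record must be in it."""
    return ((not rule["apps"] or rec["application"].lower() in rule["apps"])
            and (not rule["protocols"] or rec["protocol"] in rule["protocols"])
            and (not rule["remote_ports"] or int(rec["remote_port"]) in rule["remote_ports"]))

def blocked_records(log_text):
    """Parse the CSV text and keep only the records the firewall blocked."""
    return [r for r in csv.DictReader(io.StringIO(log_text)) if r["action"] == "Blocked"]

def uncovered(log_text, rule, port):
    """Blocked (application, protocol) pairs on `port` that the allow rule misses."""
    return sorted({(r["application"], r["protocol"]) for r in blocked_records(log_text)
                   if int(r["remote_port"]) == port and not matches(rule, r)})

def side_effects(log_text, rule, port):
    """Blocked flows on OTHER ports that the allow rule would now let through."""
    return sorted({(r["application"], r["protocol"], int(r["remote_port"]))
                   for r in blocked_records(log_text)
                   if int(r["remote_port"]) != port and matches(rule, r)})

# Allow rule restricted to the SharePort executable only, all ports.
app_only = {"apps": {"connect.exe"}, "protocols": {"TCP", "UDP"}, "remote_ports": set()}
# Same rule after adding the two processes seen in the blocks.
widened = {**app_only, "apps": app_only["apps"] | {"svchost.exe", "ntoskrnl.exe"}}

if __name__ == "__main__":
    print("missed by app-only rule:", uncovered(SAMPLE_LOG, app_only, 19540))
    print("missed by widened rule: ", uncovered(SAMPLE_LOG, widened, 19540))
    print("extra flows now allowed:", side_effects(SAMPLE_LOG, widened, 19540))
```
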